Spec#

Established: June 11, 2004

Spec# is a formal language for API contracts (influenced by JML, AsmL, and Eiffel), which extends C# with constructs for non-null types, preconditions, postconditions, and object invariants. Spec# comes with a sound programming methodology that permits specification and reasoning about object invariants even in the presence of callbacks and multi-threading. Spec# is a research vehicle that has been used to explore specifications and the dynamic/static tools that make use of them.

Overview

Overview

The Spec# programming system is a new attempt at a more cost effective way to develop and maintain high-quality software. Spec# is pronounced “Spec sharp” and can be written (and searched for) as the “specsharp” or “Spec# programming system”. The Spec# system consists of:

The Spec# programming language. Spec# is an extension of the object-oriented language C#. It extends the type system to include non-null types and checked exceptions. It provides method contracts in the form of pre- and postconditions as well as object invariants.

The Spec# compiler. Integrated into the Microsoft Visual Studio development environment for the .NET platform, the compiler statically enforces non-null types, emits run-time checks for method contracts and invariants, and records the contracts as metadata for consumption by downstream tools.

The Spec# static program verifier. This component (codenamed Boogie) generates logical verification conditions from a Spec# program. Internally, it uses an automatic theorem prover that analyzes the verification conditions to prove the correctness of the program or find errors in it.

A unique feature of the Spec# programming system is its guarantee of maintaining invariants in object-oriented programs in the presence of callbacks, threads, and inter-object relationships.

Benchmarks

Benchmarks

We provide some benchmarks that can be used to compare the power and performance of other program verifiers and theorem provers. These are generated from the Boogie test suite, and consist of BoogiePL programs (the majority of which were produced by Boogie from Spec# programs in the Boogie test suite) and the verification conditions that Boogie produced from these BoogiePL programs in the format of the Simplify theorem prover.

99.44% pure: Useful Abstractions in Specifications. [PDF]Mike Barnett, David A. Naumann, Wolfram Schulte, and Qi Sun. In FTfJP 2004A method for allowing methods that have restricted side-effects to be used in specifications.

Friends Need a Bit More: Maintaining Invariants Over Shared State. [PDF]Mike Barnett and David A. Naumann. In MPC 2004.A methodology for relaxing the ownership system in Spec#.